Skillv1.0.0

ClawScan security

dead-letter-queue-analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 3:08 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its stated purpose, but the runtime steps reference many environment variables and cloud credentials (AWS, Kafka, RabbitMQ) without declaring them — this mismatch could be sloppy or hide over-broad access expectations.
Guidance: This skill appears to do what it says (DLQ analysis) but the SKILL.md references many environment variables and cloud operations without declaring them. Before installing or invoking: 1) Confirm which environment variables and cloud credentials the agent will use (DLQ_URL/ARN, MAIN_QUEUE_ARN, KAFKA_BROKER, DLT_TOPIC, AWS credentials, RabbitMQ admin access). 2) Restrict credentials with least-privilege IAM roles (only allow read/list and, separately, restricted requeue permissions if replay is needed). 3) Test all replay operations in a staging environment first — commands like aws sqs start-message-move-task can move many messages. 4) Ensure CLIs referenced (aws, kafka-console-consumer, rabbitmqctl/rabbitmqadmin, python3) exist and are the correct versions. 5) Ask the maintainer or vendor for an explicit list of required env vars/permissions and for a safety checklist (what operations are read-only vs. destructive). If you cannot get that clarity, treat the skill as potentially risky and limit the agent's access to credentials and production queues.

Review Dimensions

Purpose & Capability: okThe name/description (DLQ analysis across SQS, RabbitMQ, Kafka, Azure) align with the commands and analysis steps in SKILL.md. The provided inspect, classify, report, replay, and alerting guidance is coherent with the stated goal.
Instruction Scope: concernSKILL.md includes concrete CLI commands that access queues (aws sqs, rabbitmqctl/rabbitmqadmin, kafka-console-consumer) and a replay step (aws sqs start-message-move-task). The instructions reference environment variables and ARNs (e.g., $DLQ_URL, $DLQ_ARN, $MAIN_QUEUE_ARN, $KAFKA_BROKER, $DLT_TOPIC) and assume availability of AWS CLI and other tools. The file does not declare or limit which credentials will be used; some operations (start-message-move-task) can move or requeue large numbers of messages and require permissions. The agent instructions also include inline Python snippets processing message bodies — these are fine but assume message payload formats and may expose sensitive message contents when run. Overall: the scope is appropriate for DLQ work but the runtime expectations (credentials, permissions, tool availability) are not made explicit.
Install Mechanism: okInstruction-only skill with no install spec or code files — lowest disk/write risk. It assumes external CLIs are present (aws, kafka-console-consumer, rabbitmqctl, rabbitmqadmin, python3) but does not install anything itself.
Credentials: concernThe registry metadata declares no required env vars or primary credential, yet the SKILL.md expects service-specific variables (queue URLs/ARNs, broker addresses, topics) and implicitly requires cloud credentials (e.g., AWS access key/secret or instance role) to run aws commands. That mismatch is significant: a user could inadvertently grant cloud credentials to an agent running these instructions without realizing the skill expects them. The number and sensitivity of implied credentials is proportional to the task, but they should be declared and scoped (least privilege IAM) — they are not.
Persistence & Privilege: okSkill is not always-enabled, does not request persistent presence, and does not include install scripts or write-to-disk behavior. Autonomous invocation is allowed by default (platform normal), but there is no additional privilege requested by the skill metadata.